Applying artificial intelligence/machine learning (AI/ML) to cybersecurity is a “hard problem,” but one with significant and promising progress, according to intelligence experts. Achieving this will require a combination of top-down and bottom-up efforts that leverage both government and industry cooperation, as each can benefit from unique capabilities and contributions of the other.
Greater concentration on separate physical security and cybersecurity has led to a major loophole characterized by the insider threat. Combining the two disciplines holds the key to protecting against devastating data breaches.
Cybersecurity protects from the inside-out, but a major loophole enables insider threats.—Robert Bauman, Trusted Systems Inc. #AFCEATechNet
— Bob Ackerman (@rkackerman) November 20, 2019
FreeAlliance.com LLC,* McLean, Virginia, is awarded a $15,299,578 cost-plus-fixed-fee contract for advanced cyber support services in support of the Marine Corps Cyberspace Operations Group. Work will be performed in Quantico, Virginia. This one-year contract includes four one-year option periods which, if exercised, would bring the cumulative value of this contract to an estimated $79,599,761. The period of performance of the base period is November 1, 2019, through October 31, 2020. If all options are exercised, the period of performance would extend through October 31, 2024. Fiscal year 2020 operations and maintenance (Marine Corps) funds in the amount of $1 million will be obligated at time of award. Fiscal 2020 operations and ma
The National Security Agency (NSA) has created a new Cybersecurity Directorate as a recognition that “the best defense against devastating cyber attacks is to unify as a nation against our threats,” the agency has announced.
The Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency, known as CISA, is charged with coordinating the protection of America’s critical infrastructure from cyber as well as physical attacks. Director Christopher Krebs recently released the agency’s top operational priorities. CISA, which was created in November 2018, will initially tackle supply chain risks, election security and industrial control system security, among other measures, according to the document, Cybersecurity and Infrastructure Security Agency: Strategic Intent.
The U.S. Navy is creating a new position emphasizing a cultural and operational change in cybersecurity to deal with increasing online threats that have already plagued the service and its contractors. The new position, special assistant to the secretary of the Navy for information management, will be established and filled in the next couple of weeks with a cyber expert from private industry, says Undersecretary of the Navy Thomas Modly.
RTL Networks Inc.,* Denver, Colorado, is awarded a $14,399,532 cost-plus-fixed-fee, indefinite-delivery/indefinite-quantity contract to provide services in the areas of cooperative cyber risk assessments and cyber table tops of fighter/attack (fixed and rotary wing) and surveillance aircraft or similarly complex aircraft, tactical unmanned aerial vehicles, GPS guided weapons or similarly complex weapons, training simulators, Portable Electronic Maintenance Aids equipment, software and development environments, and associated communications and networks. Work will be performed in China Lake, California (50%); Placentia, California (48%); and Denver (2%), and is expected to be completed in August 2024. No funds will be obligated at the tim
Data Intelligence LLC,* Marlton, New Jersey, is awarded a $12,584,840 indefinite-delivery/indefinite-quantity, cost-plus-fixed-fee contract to provide cybersecurity and security engineering-related services to the Department of Defense, National Guard Bureau and Department of Homeland Security. This two-year contract includes one, three-year option period which, if exercised, would bring the potential value of this contract to an estimated $31,832,280. Work will be performed in Marlton, New Jersey (25%) and in Philadelphia, Pennsylvania (75%), and work is expected to be completed June 18, 2021. If the option is exercised, work will continue through June 18, 2024. No funds will be obligated at the time of award.
Artificial intelligence and machine learning techniques could help information and network defenders recognize patterns of potential attackers so their next moves can be proactively blocked. In addition, cyber tools enhanced with these capabilities could provide a much more detailed picture of the cyber battlefield and increase the potential of success in a cyber campaign. This knowledge would complement the kinetic battlefield and could permit war planners to choose the appropriate mix of cyber and kinetic operations.
Sentar Inc.,* Huntsville, Alabama, was awarded a $10,426,896 hybrid (cost-no-fee and firm-fixed-price) contract for cyber security and information management support services. Twenty-five bids were solicited with six bids received. Work will be performed in Huntsville, Alabama, with an estimated completion date of November 30, 2024. Fiscal year 2019 operations and maintenance, Army and Army working capital funds in the amount of $1,683,982 were obligated at the time of the award. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity (W31P4Q-19-F-0323). *Small Business
Cyber is fundamentally changing the national security landscape. David Sanger, national security correspondent for The New York Times and author of The Perfect Weapon, used his keynote address on day two of the AFCEA-GMU C4I and Cyber Center Symposium not to explain what is happening, but why this is happening.
To illustrate the new age of weaponizing information, Sanger described the differences between Watergate and the hack of the DNC in December 2016. The Russians didn’t have to do anything the Watergate hackers did.
Legislators on Capitol Hill have formed the Cyberspace Solarium Commission, known as the CSC, which will put together a comprehensive U.S. cyber policy. Sen. Angus King (I-Maine), who is co-chairing the new organization with Rep. Michael Gallagher (R-Wisc.), announced the formation of the Geneva Convention-type commission in a call with reporters on May 13. The establishment of the commission was outlined in last year’s National Defense Authorization Act (NDAA), Sen. King said.
The cybersecurity workforce gap is real, and it’s growing. Based on a state-by-state analysis on CompTIA’s cyberstates.org, there are currently 320,000 open cyber jobs in the United States. By 2022, the projected shortage of cybersecurity professionals worldwide will reach 1.8 million, according to the Center for Cyber Safety and Education.
Thirty years after the Morris Worm, networks face a long and growing list of potential attack vectors employed by an almost limitless number of threat sources, including criminals, hacktivists and nation-state actors. In response to threats, the U.S. Defense Department has taken prudent measures to shore up vulnerable systems and networks. In accordance with the well-established practice of concentric rings of security, the most sensitive department data exists on its most secure and isolated networks.
The federal government is moving forward with coordinated efforts to improve its information system security before year’s end. Both growing threats and potential advantages are compelling these concurrent thrusts.
Suzette Kent, federal chief information officer, Office of Management and Budget, described these efforts during the Wednesday keynote address at the AFCEA Homeland Security Conference in Washington, D.C. Personnel, methodology and technology all are playing a role in these diverse actions, which aim to help secure government data and access to it.
The National Security Agency is now sharing the source code of Ghidra, its reverse engineering tool developed by the agency’s Research Directorate in support of its cybersecurity mission. Ghidra, a suite of software analysis tools, examines compiled code using capabilities such as disassembly, assembly, decompilation, graphing and scripting.
Ghidra helps analyze malicious code and malware and improves cybersecurity professionals’ understanding of potential vulnerabilities in their networks and systems. With this release, developers can now collaborate, create patches and extend the tool to fit their cybersecurity needs.
Senior executives are increasingly interested in objective measurements to determine the robustness of their organizations’ cybersecurity protections. However, measuring the adequacy of network and data security can be likened to verifying the amount of air in a room: A formula can ascertain how much air the room contains in theory, but does it take into account the leaky windows?
The water and wastewater treatment industry is facing cybersecurity threats. The risks affect the sector disproportionately compared to other utilities, given local-level water processing operations.
Along with physically securing its critical infrastructure, the water industry has to leverage available tools to protect against cyber attacks, an expert says.
Russia may have popularized the manipulation of social media to further its own agenda, but it was not the first country to do so, nor will it be the last. A number of other countries are engaging in similar tactics, but so far have flown largely under the radar. The Oxford Internet Institute found that at least 28 countries worldwide are exploiting social media to influence the public opinion of their own or foreign populations.
In today’s environment, the network no longer can be considered a safe zone. Every asset an organization possesses and every transaction it conducts must be secured as if it were a standalone item continually exposed to the full range of cyber threats. The realization that perimeter protection alone is not sufficient has led to the security concept of Zero Trust. In this never-trust/always-verify approach, all entities and transactions rely on multiple solutions to work together and secure digital assets.